Your Attack Surface is Explosive: Secure It with ASM

Your attack surface is growing.

Growing might be an understatement. It’s exploding.

Check this out: according to JupiterOne’s 2023 State of Cyber Asset Report, there’s been a 600% growth in cloud attack surfaces – 600%!

If you’ve been following our blog, this idea of the growing attack surface isn’t new. Between IoT devices, SaaS applications, and remote-work BYOD (Bring Your Own Device), there are more devices out there than ever before. And the hackers know it.

As your attack surface grows, potential vulnerabilities increase – something we’ll talk about more in just a moment. We’ve covered potential solutions, namely zero trust security, but today we’re taking your attack surface head-on with attack surface management (ASM).

Let’s start by answering a very basic question…

What’s an Attack Surface?

A company’s attack surface has been a common theme recently and for good reason – it’s a serious security concern.

Your attack surface is any part of your organization that a hacker could use to enter, both on-premises and off. This can be a compromised computer login, a faulty IoT device, an insecure SaaS application – the list goes on.

As your attack surface grows, your risk of getting hit by a cyberattack drastically increases – it’s really that simple. Hackers will search your entire attack surface, combing for easy entry.

To get an idea of how big your attack surface can get, let’s break it down into three broad categories: digital, device and social engineering.

Digital Attack Surface – This attack surface exposes anything connected to the internet. Examples include:

  • Servers
  • Laptops
  • Computers
  • Databases
  • Applications
  • Websites

Device Attack Surface – This attack surface includes a company’s physical hardware. Examples include:

  • Computers
  • Laptops
  • Mobile devices
  • Printers
  • TVs
  • Routers
  • Security Cameras

Social Engineering Attack Surface – This attack surface preys on your employees’ psychology. Hackers use social engineering to trick your team into sharing and compromising their personal or company data. Examples include:

  • Phishing emails
  • Fraudulent phone calls
  • Scam websites
  • Ransomware

Attack surfaces are ballooning to immense sizes. According to The State of Attack Surface Management 2022 from Randori, a subsidiary of IBM, 67% of organizations saw their attack surface grow between 2020 and 2022, and things have not slowed down.

How do you even begin to defend something so massive? It’s almost as if you’d need to be a hacker to fully understand where to start…

Using ASM to Fight Back

Attack surface management is the practice of identifying, monitoring and managing your attack surface. ASM isn’t a single tool, but a combination of security software and best practices aimed at tackling your bloated attack surface head on.

With ASM you begin addressing your attack surface from the outside and work in, just like a hacker would. This helps you spot major threats like weak passwords, unsecured devices, or faulty software. Think like a hacker and you’re bound to find security risks.

ASM works on this principle. Companies use what we call ethical hackers – cybersecurity experts who test networks for weaknesses – to identify potential vulnerabilities. The main goal of ASM is to clarify and defend a company’s attack surface by continuously scanning and detecting issues.

You might wonder if ASM is really necessary, especially for small to medium-sized businesses (SMBs).

Let’s talk about that.

Why ASM?

There is too much out there for a single team to handle. Attack surfaces are constantly changing, with new assets coming and going daily. Hackers know this. Using automated tools, hackers can quickly scan networks for vulnerabilities and exploit them within hours.

And it gets worse.

Your attack surface is likely larger than you think, thanks to shadow IT – unauthorized assets used without your IT team’s knowledge. How can you detect an infected laptop a remote user connected to your network for ten minutes or a malware-filled SaaS app? It boils down to this: You can’t secure what you can’t see.

According to a survey conducted by MIT Technology Review Insights, 50% of organizations have experienced a cyberattack on an unknown or unmanaged asset, and another 19% expect an incident.

Between known and unknown assets, companies must implement some form of ASM to protect their attack surface.

The Steps of ASM

ASM involves four main steps: discovery, classification, prioritization, and remediation. These processes run continuously to keep up with the constantly changing attack surface.

Discovery

Your IT team or MSP will automatically scan the company to locate and record all assets.

Assets fall into these categories:

  • Known assets: Assets that are already known and managed. These are your safest assets, with vulnerabilities understood by your IT team.
  • Unknown assets: Assets, often from shadow IT, that appear on your network without the IT team’s knowledge. These assets pose a serious threat, as hackers can use unknown assets to access your network.
  • Rogue assets: Different from unknown assets, these assets are known by the IT team but are unauthorized. Rogue assets pose a serious security risk and include threats like phishing websites and malware.

Classification

After asset identification, assets are organized to aid future identification. ASM might record an asset’s IP address, its purpose, its name, and whether it connects to other devices.

Prioritization

Assets are then prioritized based on various threat factors. Given the uniqueness of each asset, it’s crucial to understand their different risks. The main factors weighed during this step are:

  • Ease of recovery – How easily can this asset be retrieved after an attack?
  • Attacker priority – How will hackers prioritize this asset during an attack?
  • Ease of exploitation – How easily can a hacker exploit or compromise this asset?
  • Previous compromise – Has this asset previously been the victim of an attack?
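
The discovery, classification and prioritization steps above, sketched as an added example (not code from the original post or from any ASM product). The addresses, names, 1-5 ratings and weights are constructed assumptions, and assets nobody has assessed yet get the worst-case score so they sort to the top of the queue.

```python
from dataclasses import dataclass

# Constructed sample data: managed inventory, IT's deny list, and one discovery scan.
INVENTORY = {"10.0.0.5": "file-server", "10.0.0.12": "hr-laptop-03"}
UNAUTHORIZED = {"10.0.0.77"}  # known to IT but not permitted (rogue)
SCAN = [
    {"ip": "10.0.0.5", "name": "file-server", "purpose": "storage", "peers": 14},
    {"ip": "10.0.0.12", "name": "hr-laptop-03", "purpose": "workstation", "peers": 2},
    {"ip": "10.0.0.77", "name": "personal-nas", "purpose": "storage", "peers": 3},
    {"ip": "10.0.0.91", "name": "", "purpose": "", "peers": 1},
]
# Factor ratings, 1 (low risk) to 5 (high risk), exist only for assessed assets.
# Keys mirror the four factors; "hard_to_recover" inverts "ease of recovery".
RATINGS = {
    "10.0.0.5": {"hard_to_recover": 4, "attacker_priority": 5, "ease_of_exploit": 2, "prev_compromise": 1},
    "10.0.0.12": {"hard_to_recover": 2, "attacker_priority": 3, "ease_of_exploit": 3, "prev_compromise": 5},
}
WEIGHTS = {"hard_to_recover": 0.2, "attacker_priority": 0.3, "ease_of_exploit": 0.3, "prev_compromise": 0.2}  # assumed

@dataclass
class Asset:
    ip: str
    name: str
    purpose: str
    peers: int      # how many other devices it connects to
    status: str     # known / unknown / rogue
    score: float

def classify(ip):
    """Discovery outcome: known, rogue or unknown."""
    if ip in UNAUTHORIZED:
        return "rogue"
    return "known" if ip in INVENTORY else "unknown"

def score(ip):
    """Weighted risk on a 1-5 scale; unassessed assets get the worst case."""
    ratings = RATINGS.get(ip)
    if ratings is None:
        return 5.0
    return round(sum(WEIGHTS[k] * ratings[k] for k in WEIGHTS), 2)

def triage(scan):
    """Record each asset's classification fields and sort highest risk first."""
    assets = [Asset(r["ip"], r["name"] or "(unnamed)", r["purpose"] or "(unclassified)",
                    r["peers"], classify(r["ip"]), score(r["ip"])) for r in scan]
    return sorted(assets, key=lambda a: (-a.score, a.ip))

if __name__ == "__main__":
    for a in triage(SCAN):
        print(f"{a.score:>4}  {a.status:<8} {a.ip:<10} {a.name} [{a.purpose}]")
```
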

How to Mitigate Your Attack Surface

While ASM helps secure your assets, it’s important to use additional practices to manage your attack surface effectively. As mentioned, security requires a multi-layered approach. Here are several ways to defend your organization’s attack surface against cyberattacks:

  • Minimize your devices: Use only the applications and devices necessary for your tasks.
  • Never skip an update: Make sure your apps are up-to-date and patched.
  • Review constantly: Have your IT team or MSP review your security environment and make changes as needed. Do not set and forget.
  • Authentication: Implement strong multi-factor authentication tools or utilize powerful software like Microsoft’s Intune.
  • Assume zero trust: A mindset that prioritizes security by ensuring no user is granted access without proper authentication. This mindset is a pillar of zero trust security.

There are so many more ways to help minimize your attack surface, so reach out to your IT team or give some of our other blogs a read.

Attack Surfaces Managed

The attack surface is not going away – it’s growing.

Your company will need more computers, laptops, phones, and servers. Those devices will need software. Each employee will use their own applications. Those applications may involve add-ons. Your company may rely on a web-based service or dozens of remote workers. Each device, each app, each piece of software adds to your attack surface brick by brick, and it only takes one crack before it’s game over.

You CAN’T handle this by yourself.

Fortunately, MSPs like The 20 MSP are here to help. Partner with us to set up your ASM strategy and lock down your attack surface. Don’t wait until it’s too late – get expert help now.

Stay safe out there, folks.